A British company called Gamma International marketed hacking software to
governments that exploited the vulnerability via a bogus update to iTunes,
Apple's media player, which is installed on more than 250 million machines
worldwide.

The hacking software, FinFisher, is used to spy on intelligence targets’
computers. It is known to be used by British agencies and earlier this year
records were discovered in abandoned offices of that showed it had been
offered to Egypt’s feared secret police.

Apple was informed about the relevant flaw in iTunes in 2008, according to
Brian Krebs, a security writer, but did not patch the software until earlier
this month, a delay of more than three years.

“A prominent security researcher warned Apple about this dangerous
vulnerability in mid-2008, yet the company waited more than 1,200 days to
fix the flaw,” he saidin
a blog post.